Secrecy was easier in the days when an organization could put all its sensitive information in a locked file cabinet. Even after the dawn of automation, systems were largely local, and could be put under lock and key. Even then, of course, the organization placed a great deal of trust in the person who had the key to that door.
With today’s highly distributed and globally integrated systems, outsourced processes, and leased infrastructure, organizations still need ways to be confident in that kind of locked-door security. One problem is that software, as it runs, is rather easy to observe and to tamper with. A systems expert can employ a wide range of tools to figure out what’s happening inside a processor, eavesdrop on network traffic, change a computer clock, and tamper with the integrity of your information and business processes. Given how easy it is to tamper with software, those processes that rely on the use of secret keys, such as encryption and digital signing, are particularly at risk; those keys can be compromised and the processes abused. Performing cryptographic operations in software, then, might provide a reasonable level of protection for some applications and low-level data. But for your most sensitive and high-value information—information that must be protected to prevent serious risk to the business—you will need to seek higher levels of assurance.
Fortunately, it is possible to deploy a modern equivalent of that locked door—a measure of physical security that will add valuable levels of data protection. This is the role of tamper-resistant hardware, also called “hardened” security. Think of tamper-resistant devices as small, highly granular locked rooms that protect specific information and applications from attack, providing that all-important physical barrier.
Risks Associated with Tamper Resistant Security
- Attackers can easily tamper with software-based processes and applications; applications that rely on the use of cryptographic keys—such as applications for encryption, digital signing, or time stamping—are especially vulnerable.
- As systems become more distributed, virtual, and integrated, traditional physical barriers become more difficult and costly to implement.
- Attacks can result in data loss; given the rise of data breach disclosure laws and privacy mandates, data loss can be an increasingly public and costly affair.
- Compliance auditing requirements are more costly and time-consuming to address if they rely on ‘compensating controls’ to make up for the lack of physical protection for software based systems.
Thales e-Security Solutions
Many products from Thales e-Security are delivered in the form of tamper-resistant devices that significantly increase security over software-based processes. They incorporate a range of techniques that include epoxy potting of sensitive electronics, multi-layered intrusion detection systems, custom designed chassis and enclosures to prevent probing attacks, and real-time monitoring of environmental conditions such as temperature and power. While organizations in financial services and government have long made use of tamper-resistant devices such as Thales hardware security modules (HSMs) as a security best practice, our products also make it practical for organizations in a variety of sectors to improve their security by adopting similar practices. As a result, many more organizations now have cost-effective ways to implement higher levels of assurance while maintaining operational efficiency.
While devices from Thales have been proven in a range of settings including some of the world’s most stringent environments, you do not need to take our word for the fact that they are more secure. Thales products have been independently certified to meet FIPS 140-2 and Common Criteria standards. With respect to tampering, the FIPS 140-2 standard defines four increasing, qualitative levels of security:
- Level 1: Requires production-grade equipment and externally tested algorithms
- Level 2: Adds requirements for physical tamper-evidence and role-based authentication.
- Level 3: Adds requirements for physical tamper-resistance and identity-based authentication.
- Level 4: This level makes physical security requirements more stringent, requiring the ability to be tamper-responsive, erasing the contents of the device if it detects various forms of attack.
Tamper-resistant devices from Thales are typically certified to the FIPS 140-2 Level 3 standard, which has become the most widely accepted benchmark for hardware security in practical enterprise settings. [Learn more about FIPS and Common Criteria standards]
- Gain a new level of confidence in the security of your cryptographic processes.
- Employ best practices that have been perfected within the government and financial services sectors.
- Take advantage of products that have been independently certified to meet FIPS and Common Criteria standards.
- Improve security not only for local systems, but also for highly distributed, integrated, and cloud-based systems.
- Reduce the cost and complexity of complying with regulatory requirements and emerging standards.
- Apply tamper resistance to application code as well as keys and cryptographic processes by taking advantage of the nShield HSM CodeSafe capability for secure execution.